The Russian Hacking Whodunnit

John Podesta, campaign chairman for Democratic presidential nominee Hillary Clinton, boards her campaign plane in White Plains, New York, September 27. The Russians have mocked accusations that they hacked Podesta's emails. Brian Snyder/Reuters

If Hillary Clinton were Rachel in The Girl on the Train, Vladimir Putin would end up with a corkscrew in his neck. Alas, cyber wars don’t lend themselves to the neat endings of fictional whodunnits, much less most real crimes. Four months after the security firm Crowdstrike revealed that two groups of hackers believed to be based in Russia had penetrated the Democratic National Committee, convincing evidence has yet to surface that the Kremlin is responsible—and it may never. Likewise, security experts said last summer that whoever hacked Hillary Clinton’s private email servers was “far too skilled to leave evidence of their work.”

Nevertheless, the White House, relying on the conclusion of U.S. intelligence that the latest theft of Clinton’s emails originated in Russia, vowed Wednesday to hit back with a “proportional” response that would not be “announced in advance,” in the words of spokesman Josh Earnest. Options could include economic sanctions or diplomatic rebuffs—both problematic because they would entangle allied nations—or tit-for-tat hacks aimed at discomfiting Putin with embarrassing disclosures of the kind Wikileaks has visited on the Democrats. More likely, some experts tell Newsweek on condition of anonymity, the NSA’s stealthy cyber-warriors could zap a few Russian sites with the cyber version of a hit-and-run.

“I think the competing forces here are a desire to call the Russians out and the desire not to tell the Russians that they know” who is responsible, said a leading cyber security expert who asked not to be identified because he is not privy to the details of the Russian hacks. “I think the NSA and the intelligence community are trying to strike a balance,” he added. When the White House called out Chinese hackers last year, naming a specific People’s Liberation Army hacking unit and location, it had “decided that the diplomatic benefits from naming and shaming outweighed any loss from the Chinese figuring out that they were in particular systems and hadn’t been caught.” The same went for North Korea’s hack of Sony Pictures over The Interview, a comedy about an assassination attempt on Kim Jong-un.

The Obama administration hasn’t reached that point with the Russians—yet. “It's safe to assume that almost nothing of how the administration responds will be made public,” Rob Knake, a former White House cyber policy director and current cyber fellow at the Council on Foreign Relations, told Politico. The “goal is to put Putin back in his box. That is harder to do if it involves [Putin] publicly losing face on the international stage.”

So what does “a proportionate response” mean? “I have no idea,” says the cyber expert. “It’s not like the Russian elections are as transparent” and vulnerable to manipulation in the way Wikileaks has inserted itself into the Clinton campaign. Even if the NSA found a partner to publicize some embarrassing personal communications among Putin and his cronies, his grip on the domestic media all but guarantees they would get only limited, if any, circulation inside that country—where it would count most.

The Russians, meanwhile, mocked accusations that they hacked the emails (and later the Twitter account) of John Podesta, Clinton’s campaign chairman. “It’s flattering,” Russian Foreign Minister Sergei Lavrov told CNN’s Christiane Amanpour. “But it has nothing to be explained by the facts; we have not seen a single proof.” When Amanpour pressed, Lavrov responded like a Cheshire cat. “No, we did not deny this, they did not prove it,” he said.

Credentialed skeptics abound here, too, about the origin of the attacks. Former NSA executive William Binney maintains that U.S. officials “know how many people [beyond the Russians] could have done this but they aren’t telling us anything. All they're doing is promoting another cold war.”

Binney, who quit the NSA in 2001 rather than participate in the agency’s domestic data collection program, even compared allegations about Russian hacks to previous U.S. fabrications of intelligence to justify the invasion of Iraq in 2003 and the bombing of North Vietnam in 1964.  

“This is a big mistake, another WMD or Tonkin Gulf affair that’s being created until they have absolute proof” of Russian complicity in the DNC hacks, he charged during a Newsweek interview. He noted that after the Kremlin denied complicity in the downing of a Korean Airlines flight in 1983, the U.S. “exposed the conversations where [Russian pilots] were ordered to shoot it down.” Obama officials “have the evidence now” of who hacked the DNC, he charged. “So let’s see it, guys.”

Should the Obama administration up the ante on Putin, meanwhile, the Russians have plenty of chips to play with.

“That Putin is releasing Hillary's emails now is a coy demonstration that he has everything she ever emailed in his back pocket, including the deleted stuff,” says Jason Matthews, a 35-year CIA veteran who served in Moscow. The Russians didn’t need to hack Clinton’s private email servers, he tells Newsweek, because “they collected them via SIGINT”—signals intelligence, or electronic eavesdropping—“when Hillary and company sent them unencrypted.” For the Spetsviaz, Russia’s version of the NSA, he says, “it was like finding gold without once swinging a pickaxe.”

And it left no trace. Investigators found no “direct evidence” that Clinton’s email account had been “successfully hacked,” FBI Director James B. Comey testified, which “both private experts and federal investigators immediately understood” to mean that “it very likely had been breached, but the intruders were far too skilled to leave evidence of their work,” according to David Sanger, the New York Times cyber expert.

If U.S. intelligence officials are to be believed, Putin has escalated the battle by feeding Wikileaks purloined Clinton campaign emails. But they’ve offered no definitive proof of a link between the two.

Until that happens, it remains a hacking whodunnit. And as Rachel discovered to her horror in The Girl on the Train, we may wish we never found out.